Andre Honsberg is a software engineer who develops mostly for the Web. He lives in Hamburg Germany and works building software for the web using a wide spectrum of different technologies.

In this article I will explain how to anonymously scan a target for SQL Injection vulnerabilities with Tor, Polipo, SQLmap and Fedora 16 Linux. Since I already covered how to install Tor and Polipo in this previous article I will not cover it again here. Make sure Tor and Polipo are running. If not start by running:

sudo service tor start

and to start Polipo

sudo /etc/init.d/polipo start

Now that both services are running we need to run SQLmap. SQLmap has a built in switch that will allow us to scan using Tor and Polipo very easily. To scan an example target run the following command:

-u tells SQLmap what URL to scan. --dump-all will dump all found database tables if any where exploited. The --tor switch tells SQLmap to use Tor for traffic. Last but not least, --user-agent does exactly the obvious and sets the User Agent that will be used in the scan.

To make sure this works log on to one of your servers and check the access log without the --tor switch and then with. You will notice that the IP changes. I have tested this with no problems.